{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b37f0cdf-f823-5e91-accb-7890be360d69", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e39d4de2-f8c3-5df9-96cf-fc880c14382b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2427230a-c9d9-5cf1-9665-fb25e2e7b95a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f76157f2-4c4e-507e-942e-8a3568509ee8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1cedb88b-648d-571b-b210-d62dab33abd9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1f32dff4-bc6f-5d04-a1c4-f7688e1a97f6", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:80c570ae-fe20-55e1-8d2e-b5d85b255afc", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2233b1a3-dfb3-5f1a-aaf8-593e75da5731", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3c03992-b220-5a54-84c0-a677b86fde63", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb6ce655-2066-5ba7-b162-95c277aba98b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dd8b2b2e-a8c0-57be-8629-df0a53e2f0f1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:121c58c8-ec81-559e-93f6-f498f5518438", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5cf0c3c-7a5e-5202-8d7d-6ecd977c8f9c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-framework-bom 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ff8bdb8-2743-591f-a056-4a40b653b706", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c47a0683-125e-51a7-bf00-e9380f518ce3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9e7e330-1fa4-5323-b5e2-acc9f2f9836b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab647d43-220f-5a72-b841-8aa8d3284b54", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5fbad5f5-d7b4-5f1c-8cc1-edc4d26dc4ef", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a17a6df9-c01c-5760-a0c1-8a637614abb5", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:678fa153-3ee5-513e-b2bd-26181c2c178a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9326d873-95b5-59f0-9aa4-ff2a15a251e0", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ff88bcf-2201-5033-9713-a5c3763b58dc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45a1fdd8-e605-58ca-923d-92052ebb84c4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01420eb2-6af1-5d5b-9f82-cb27e4b8dd06", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b10630e3-44aa-5e47-87af-3c6f616d17b8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:54d6ad59-7161-584a-812f-9398ea85455c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d9e7209-8991-5206-82cd-4f8b84d2d0a0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7dcc1d22-f302-519f-a515-8cb4feb6a7de", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2174cfa-87e8-5674-8f48-853b9d7141a2", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35ca3d85-604c-5821-b383-f3469497622d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0f4c34a4-f9ee-5429-a3c6-9896e87c1dfa", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f42e2bdf-2d7a-5253-9e63-a1ba58949f51", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:039f0bfa-5e8d-5380-aaae-739a569c447e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91349fea-3d02-5eef-8b59-4e14a0fa6b14", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db185027-d750-54ec-a19c-cf4274d935fe", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dbe9a612-b4f7-5512-a023-cf27709c847c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aaa2b706-4d68-5dcb-93a8-9e5ff8ee42f6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1400940-d64f-54a2-980a-74129a42fe43", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@5.3.27-tuxcare.4" } ] }